[PATCH] Patch to fix supplicant crash seen in P2P WPS overlap case.

JJ mails4jj at gmail.com
Mon Oct 24 04:00:42 EDT 2011


Patch to fix supplicant crash seen in P2P WPS overlap case. Once overlap
is detected, the wpa_s corresponding to P2P Group formation is freed.
This patch avoids accessing the wpa_s data structure after it is freed.
Kindly see whether the patch is okay.

---
 wpa_supplicant/events.c           |   16 +++++++++++-----
 wpa_supplicant/wpa_supplicant_i.h |    2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 4ec935e..f42a6e6 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -706,7 +706,7 @@ static void wpa_supplicant_req_new_scan(struct
wpa_supplicant *wpa_s,
 }


-void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
+int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
                           struct wpa_bss *selected,
                           struct wpa_ssid *ssid)
 {
@@ -715,13 +715,13 @@ void wpa_supplicant_connect(struct wpa_supplicant
*wpa_s,
                       "PBC session overlap");
 #ifdef CONFIG_P2P
               if (wpas_p2p_notif_pbc_overlap(wpa_s) == 1)
-                       return;
+                       return -1;
 #endif /* CONFIG_P2P */

 #ifdef CONFIG_WPS
               wpas_wps_cancel(wpa_s);
 #endif /* CONFIG_WPS */
-               return;
+               return -1;
       }

       /*
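Review bot: Both overlap exits in this hunk return -1, so the caller cannot tell the P2P case, where per the commit description wpa_s has been freed, from the plain WPS case after `wpas_wps_cancel(wpa_s)`, where wpa_s is still valid. In that second case the caller now also skips `wpa_supplicant_rsn_preauth_scan_results(wpa_s)`, which may or may not be intended. The new int return has no documented contract; a comment above wpa_supplicant_connect such as `/* Returns 0 if association was requested or deferred, -1 if the attempt was aborted and the caller must not touch wpa_s again */` would make the lifetime rule explicit. The function body starts and ends outside this hunk.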
@@ -737,7 +737,7 @@ void wpa_supplicant_connect(struct wpa_supplicant
*wpa_s,
             0))) {
               if (wpa_supplicant_scard_init(wpa_s, ssid)) {
                       wpa_supplicant_req_new_scan(wpa_s, 10, 0);
-                       return;
+                       return 0;
               }
               wpa_msg(wpa_s, MSG_DEBUG, "Request association: "
                       "reassociate: %d  selected: "MACSTR "  bssid: "
MACSTR
@@ -750,6 +750,8 @@ void wpa_supplicant_connect(struct wpa_supplicant
*wpa_s,
               wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with the "
                       "selected AP");
       }
+
+       return 0;
 }


@@ -975,7 +977,11 @@ static int _wpa_supplicant_event_scan_results(struct
wpa_supplicant *wpa_s,
               wpa_scan_results_free(scan_res);
               if (skip)
                       return 0;
-               wpa_supplicant_connect(wpa_s, selected, ssid);
+
+               if(wpa_supplicant_connect(wpa_s, selected, ssid) < 0) {
+                       wpa_dbg(wpa_s, MSG_DEBUG, "Connect Failed");
+                       return -1;
+               }
               wpa_supplicant_rsn_preauth_scan_results(wpa_s);
       } else {
               wpa_scan_results_free(scan_res);
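Review bot: The error branch added here still passes wpa_s to `wpa_dbg(wpa_s, MSG_DEBUG, "Connect Failed");` after wpa_supplicant_connect() has returned -1, which is exactly the case where the commit description says wpa_s may already be freed. If wpa_dbg reads the interface context to tag the message (likely, since it takes wpa_s, but confirm against the debug macros), the use-after-free is only moved one line later; `wpa_printf(MSG_DEBUG, "Connect failed");` logs without touching the pointer. The -1 is also propagated to the callers of _wpa_supplicant_event_scan_results, which are outside this hunk and should be checked for any further use of wpa_s on that path. Style: the surrounding code writes `if (` with a space after the keyword.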
diff --git a/wpa_supplicant/wpa_supplicant_i.h
b/wpa_supplicant/wpa_supplicant_i.h
index 54f5cc4..afcfda9 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -671,7 +671,7 @@ int wpas_driver_bss_selection(struct wpa_supplicant
*wpa_s);

 /* events.c */
 void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s);
-void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
+int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
                           struct wpa_bss *selected,
                           struct wpa_ssid *ssid);

--
1.7.4.1


- *Jithu Jance.*